You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2021/05/17 11:52:01 UTC
svn commit: r1889956 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/
oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/
oak-security-spi/src/main/java/org/apache/j...
Author: angela
Date: Mon May 17 11:52:01 2021
New Revision: 1889956
URL: http://svn.apache.org/viewvc?rev=1889956&view=rev
Log:
OAK-9433 : TokenAuthentication.authenticate: throw specific exception for expired credentials
Added:
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenCredentialsExpiredException.java (with props)
jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenCredentialsExpiredExceptionTest.java (with props)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java?rev=1889956&r1=1889955&r2=1889956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java Mon May 17 11:52:01 2021
@@ -25,6 +25,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginModuleMonitor;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConstants;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenCredentialsExpiredException;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.jetbrains.annotations.NotNull;
@@ -102,7 +103,7 @@ class TokenAuthentication implements Aut
}
//------------------------------------------------------------< private >---
- private boolean validateCredentials(@NotNull TokenCredentials tokenCredentials) {
+ private boolean validateCredentials(@NotNull TokenCredentials tokenCredentials) throws TokenCredentialsExpiredException {
// credentials without userID -> check if attributes provide
// sufficient information for successful authentication.
String token = tokenCredentials.getToken();
@@ -116,9 +117,13 @@ class TokenAuthentication implements Aut
long loginTime = new Date().getTime();
if (tokenInfo.isExpired(loginTime)) {
// token is expired
- log.debug("Token is expired");
+ String msg = "Token is expired";
+ log.debug(msg);
tokenInfo.remove();
- return false;
+
+ TokenCredentialsExpiredException tce = new TokenCredentialsExpiredException(msg);
+ monitor.loginFailed(tce, tokenCredentials);
+ throw tce;
}
if (tokenInfo.matches(tokenCredentials)) {
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java?rev=1889956&r1=1889955&r2=1889956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java Mon May 17 11:52:01 2021
@@ -29,6 +29,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginModuleMonitor;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConstants;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenCredentialsExpiredException;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.junit.After;
@@ -156,7 +157,8 @@ public class TokenAuthenticationTest ext
fail("LoginException expected");
} catch (LoginException e) {
// success
- verify(monitor).loginFailed(any(LoginException.class), any(Credentials.class));
+ assertTrue(e instanceof TokenCredentialsExpiredException);
+ verify(monitor).loginFailed(any(TokenCredentialsExpiredException.class), any(Credentials.class));
}
// expired token must have been removed
@@ -260,7 +262,8 @@ public class TokenAuthenticationTest ext
fail("LoginException expected");
} catch (LoginException e) {
// success
- verify(monitor).loginFailed(e, tc);
+ assertTrue(e instanceof TokenCredentialsExpiredException);
+ verify(monitor).loginFailed((TokenCredentialsExpiredException) e, tc);
}
verify(ti, Mockito.never()).matches(any());
Added: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenCredentialsExpiredException.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenCredentialsExpiredException.java?rev=1889956&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenCredentialsExpiredException.java (added)
+++ jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenCredentialsExpiredException.java Mon May 17 11:52:01 2021
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication.token;
+
+import javax.security.auth.login.CredentialException;
+
+/**
+ * Subclass of {@link CredentialException} indicating that the token credentials used for repository login have expired.
+ *
+ * @since Oak 1.40
+ */
+public class TokenCredentialsExpiredException extends CredentialException {
+
+ /**
+ * Constructs a {@code TokenCredentialsExpiredException} with the specified detail message describing this particular exception.
+ *
+ * @param msg the detail message.
+ */
+ public TokenCredentialsExpiredException(String msg) {
+ super(msg);
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenCredentialsExpiredException.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java?rev=1889956&r1=1889955&r2=1889956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java (original)
+++ jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java Mon May 17 11:52:01 2021
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.7.0")
+@Version("1.8.0")
package org.apache.jackrabbit.oak.spi.security.authentication.token;
import org.osgi.annotation.versioning.Version;
Added: jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenCredentialsExpiredExceptionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenCredentialsExpiredExceptionTest.java?rev=1889956&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenCredentialsExpiredExceptionTest.java (added)
+++ jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenCredentialsExpiredExceptionTest.java Mon May 17 11:52:01 2021
@@ -0,0 +1,15 @@
+package org.apache.jackrabbit.oak.spi.security.authentication.token;
+
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+public class TokenCredentialsExpiredExceptionTest {
+
+ @Test
+ public void testMessage() {
+ String msg = "expired";
+ TokenCredentialsExpiredException e = new TokenCredentialsExpiredException(msg);
+ assertEquals(msg, e.getMessage());
+ }
+}
Propchange: jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenCredentialsExpiredExceptionTest.java
------------------------------------------------------------------------------
svn:eol-style = native